OAuth ‘masterclass’ crowned top web hacking technique of 2022
Adam Bannister 10 February 2023 at 14:56 UTC Updated: 10 February 2023 at 14:58 UTC Single sign-on and request smuggling to the fore in another…
No response or patch yet forthcoming from providers of vulnerable document management systems Researchers have disclosed a raft of serious document management system (DMS) vulnerabilities…
Adam Bannister 09 February 2023 at 17:12 UTC Updated: 09 February 2023 at 17:44 UTC Anonymized numbers of bug discoveries swiftly deleted after pushback The…
Campaigner bemoans glacial progress of review and urges government to set clear timetable A review of the UK’s creaking cybercrime laws has been criticized for…
Web attack vector closed after failed fix Gartner has patched a DOM XSS vulnerability found in the Peer Insights widget, a security bug researchers reckon…
Adam Bannister 07 February 2023 at 17:34 UTC Updated: 07 February 2023 at 17:38 UTC Hacker praises carmaker’s prompt response to the (mercifully) good-faith pwnage…
John Leyden 06 February 2023 at 15:57 UTC Updated: 06 February 2023 at 16:01 UTC Plan to create boundary between JavaScript objects and their blueprints…
Adam Bannister 03 February 2023 at 16:36 UTC Updated: 03 February 2023 at 16:37 UTC Path traversals could ‘void reverse engineering efforts and tamper with…
Popular hacking aid resurrected following end-of-life announcement XSS Hunter now has a home at Truffle Security, which has launched a new version of the tool…
Printer exploit chain could be weaponized to fully compromise more than 100 models A security researcher dropped a zero-day remote code execution (RCE) chain of…
New web targets for the discerning hacker A bypass of Facebook’s SMS-based two-factor authentication (2FA) made it into Meta’s most impressive bug bounty finds of…
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news “A far-reaching, catastrophic cyber event is likely in the next two years”…